EP1762051A1 - Method for managing an interconnection between telecommunication networks and device implementing this method - Google Patents

Method for managing an interconnection between telecommunication networks and device implementing this method


Publication number
EP1762051A1
Authority
EP
European Patent Office
Prior art keywords
protocol
network
client
provider
networks
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP05857317A
Other languages
English (en)
French (fr)
Inventor
Yacine El Mghazli
Olivier Marce
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alcatel Lucent SAS
Original Assignee
Alcatel CIT SA
Alcatel SA
Application filed by Alcatel CIT SA, Alcatel SA

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L12/4604 LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling

Definitions

  • the present invention relates to a method for managing an interconnection between telecommunication networks and a device implementing this method.
  • a telecommunication network comprises a set of electronic devices, such as computers, printers or information storage devices, which exchange data, in particular by means of interconnection devices, called network nodes, forming part of the network.
  • interconnection devices generally comprise physical interconnection means (hardware), such as switches, and software interconnection means (software).
  • a telecommunication network may also be connected to devices outside this network, some of its nodes serving as a communication gateway to these external devices. These nodes are then called gateway devices or gateway nodes.
  • Each device in a network has a unique address that allows it to send information.
  • when this information is transmitted from a first device to a second device via third-party devices of the network, the information is said to be routed through this network.
  • the provider networks may include interfacing means for communicating with the different client networks so that a first device of a first client network can communicate with a second device of a second client network as if this second device were internal to the first client network.
  • the provider network becomes transparent to the users of the client networks.
  • VPN Virtual Private Network service
  • client networks connected in this way are managed as if they formed the same network (in particular, the set of addresses must be coherent and the set of client networks connected in this way must use the same internal routing protocol, IGP). All of these client networks interconnected in a VPN form a single administrative domain.
  • a virtual private network 100 (Figure 1), commonly referred to as a VPN, is described below. It includes a client network 106, provided with nodes 104 and electronic devices (not shown) attached to the network 106, located on a geographical site 102.
  • the VPN network also comprises another client network 122, in particular containing network nodes 124 and electronic devices (not shown) attached to the network 122, located on a geographical site 118.
  • a provider network 126 interconnects the client networks 106 and 122.
  • the provider network 126 comprises, in particular, nodes 112, 114 and 116 that manage the communications internal to the network 126. Some of these nodes, 112 and 116, called provider gateway nodes, have other functions, in particular that of providing links between the network 126 and the outside of this network 126.
  • a client gateway node 108 or 120 is connected to a provider gateway node 112 or 116 through a border link 130 or 132 so that the data flows between the network 106 and the network 122 through the network 126.
  • IGP internal routing protocol
  • IGPs are, for example:
  • the IS-IS protocol (Intermediate System to Intermediate System)
  • the Routing Information Protocol (RIP)
  • EGP: Exterior Gateway Protocol
  • the Border Gateway Protocol (BGP).
  • a problem for the network 126 lies in implementing software and hardware means that ensure satisfactory data transport, in particular by ensuring the coherence of the data (for example by respecting the order of the transmission packets if the data is transported in packets), its integrity (when this data is encrypted) and its destination (by interpreting the addresses from the client's communication system).
  • a standard used for the management of a VPN network is the 2547bis standard of the Internet Engineering Task Force (IETF), called BGP/MPLS (Border Gateway Protocol / Multiprotocol Label Switching).
  • IETF Internet Engineering Task Force
  • the BGP/MPLS standard results from the association of the BGP protocol and the multiprotocol label switching communication method, called MPLS (a method for setting up one or more virtual circuits, or MPLS tunnels, in the network 126).
  • a provider gateway node, such as node 112 or node 116, can communicate with the corresponding client gateway node, respectively the node 108 or node 120, using the RIP protocol.
  • the present invention results from the observation that, in the context of the 2547bis standard, it is not possible to put in communication two client gateway nodes (like the node 108 and the node 118) belonging to the same domain using the RIP protocol, while ensuring that the provider network is transparent to the user of the client networks.
  • the BGP protocol cannot include all the parameters required by the RIP protocol for the proper routing of the data.
  • the BGP protocol does not currently provide specific parameters or objects for encapsulating the information concerning the points of passage of the information in a network using the RIP protocol, whereas this information is contained in the data circulating in a network using the RIP protocol, which causes a loss of information during RIP interfacing.
  • This message arriving at any point of entry of the domain 128 is redirected to the server 136. Once the message has passed through the server 136 and if there are no security problems, the message is then redirected towards the node
  • the message is transported by the provider network 126 to the provider gateway node 112 and then to the client gateway node 108. Since the BGP protocol does not have the extensions to contain, among other things, the waypoints of the message, the client gateway node 108 cannot determine that the message has already passed through (and thus has been filtered by) the security server.
  • Client gateway nodes must be able to communicate using protocols other than those they use within the client domain in order to interface with provider gateway nodes.
  • the invention aims to remedy at least one of the problems identified above. Therefore, the invention relates to a method for managing a telecommunication network, called a provider network, implemented to transmit data between at least two telecommunication client networks in order to create a virtual private network between the client networks, each of these client networks using an internal communication protocol, called the internal client protocol, and each of these client networks having at least one client interconnection device communicating with at least one provider interconnection device of the supplier network, characterized in that the provider network uses a communication protocol, referred to as the provider protocol, including extensions for storing information about the data passing points in the customer networks.
  • the provider protocol: a communication protocol including extensions for storing information about the data passing points in the customer networks.
  • a method in accordance with the invention implements means that make it possible to integrate all the data specific to the RIP protocol.
  • the service providers can provide VPN services to create a virtual private network connecting at least two client networks, belonging to the same domain using an internal protocol such as RIP without the administrators of these client networks having to take into account other protocols than their internal protocol.
  • client gateway nodes use only the internal protocol of the client network in question.
  • the client internal protocol used by the client networks is the Routing Information Protocol.
  • the extensions contain information identifying the virtual private network vis-à-vis the provider network.
  • the multiprotocol label switching (MPLS) communication method is used in the supplier network.
  • the provider protocol and the multiprotocol label switching communication method are interfaced.
  • the invention also relates to an interconnection device.
  • the interconnection device comprises means for implementing the method according to one of the preceding embodiments.
  • the interconnection device comprises a router.
  • the interconnection device comprises a server.
  • the interconnection device comprises means for opening, managing and closing one or more sessions of the internal client protocol.
  • the interconnection device comprises interfacing means between the internal client protocol of the client networks and the provider protocol.
  • the interconnection device comprises interfacing means between the provider protocol and the method of
  • the invention provides that the communications transmitted by the provider network provide an extension that is implemented only when the client network uses a specific protocol, namely a protocol storing the data passage points.
  • the provider network does not store the waypoints in the provider network so that the provider network remains transparent to users of the customer networks.
  • Figure 1, already described, schematically shows a virtual private network of the prior art.
  • Figure 2 schematically represents a virtual private network connecting two client networks according to the invention.
  • Figure 3 is a schematic representation of the data processing for their transport in a virtual private network according to a method according to the invention.
  • FIG. 2 schematically shows an embodiment of the invention.
  • a provider network 232 is used to realize a VPN network 200 between two client networks 204 and 222, respectively on the geographical sites 202 and 228.
  • the network 204 includes a client gateway node 206.
  • the customer network 222 comprises two client gateway nodes 220 and 221.
  • the provider network 232 (which may be a series of interconnected networks) contains in particular, in its data transport part 234, a series of network nodes using multiprotocol label switching (MPLS) for the transport of data between a first interconnection device 208 according to the invention, also called provider gateway node 208, and a second interconnection device 215 according to the invention, also called provider gateway node 215.
  • new extensions are added to the BGP protocol, which then becomes the BGP-RIP protocol, to enable it in particular to convey all the necessary information contained in a communication using the RIP protocol and, inter alia, the information necessary for the identification of the VPN 200.
  • the provider gateway node 208 contains in particular: software and hardware means 210 for opening, managing and closing one or more RIP sessions, called RIP session means 210; software and hardware means 212 interfacing between the RIP and BGP-RIP protocols, called RIP/BGP_RIP means 212; and software and hardware means 214, called BGP_RIP/MPLS means 214, for adaptation between the BGP_RIP and MPLS protocols, including the implementation of the MPLS label, to set up an MPLS tunnel along the transport network 234.
  • the supplier gateway node 215 contains in particular: software and hardware means 218 similar to the RIP session means 210, referred to as RIP session means 218 (for example, FIG. 2 shows two open RIP sessions between the RIP session means 218 and the client gateway nodes 220 and 221); RIP/BGP_RIP means 217 similar to the RIP/BGP_RIP means 212; and BGP_RIP/MPLS means 216 similar to the BGP_RIP/MPLS means 214.
  • FIG. 3 schematically depicts the processing of a message 300 using the RIP protocol from a client site to go to another client site via the provider network.
  • the message 300 has, for example, a structure gathering information 304 to be transported by the network and management data 302 specific to the client management domain 230, including in particular the destination address of the information 304. It should be noted that all of this data is in accordance with the protocol used by the client, namely the RIP protocol in this example.
  • If the recipient of this message 300 is, for example, on the site 228, while the transmitter is on the site 202, the message 300 must use the provider network 232 to reach the other site 228, where it is directed to its recipient.
  • modules 310 implemented as part of the BGP protocol, already described, and in new extensions 312, including new objects, that are added to this BGP protocol in the context of this invention.
  • the set 314 of the modules 310 and the extensions 312 form the parameters of the new BGP-RIP protocol, comprising the elements specific to the BGP protocol and the new extensions necessary for the complete transport of the RIP information.
  • adaptation of the set of data 316 to the MPLS protocol is carried out, in particular by adding a label 320 specific to the MPLS protocol which will be used to construct the virtual circuit or MPLS tunnel to the provider gateway node 215.
  • the BGP_RIP/MPLS means 216 perform the inverse of step 318 on the set 322 of data.
  • the RIP/BGP_RIP interface means 217 perform the inverse of step 308.
  • the RIP session means 218 can transmit to the client gateway node 220 or to the client gateway node 221 the message 300 established according to the RIP protocol, which therefore arrives at its destination.
  • VPN 200 renders the same service in the other direction between the site 228 and the site 202.
  • the client gateway nodes use only the client routing protocol as the external routing protocol to the provider gateway node.
  • multiple sessions can be opened according to the RIP protocol in the provider gateway nodes.
  • this incoming message is intended for an electronic device connected to the node 238 located in the network 204.
  • a message arriving at any point of entry of the client domain 230 is redirected to the server 236.
  • once the message has passed through the server 236, it is redirected to the client gateway node 220 and then to the provider gateway node 215. Then, the message is transported by the provider network 234 to the provider gateway node 208 and then to the client gateway node 206.
  • since the BGP-RIP protocol has the extensions to contain, among other things, the message passing points, the client gateway node 206 knows that the message has passed through (and has therefore been filtered by) the security server 236.
  • the client gateway node 206 can then pass the message by directing it to the electronic device associated with the destination node 238.
  • This invention is capable of multiple variants.
  • the RIP session means 210, the RIP/BGP_RIP means 212 and the BGP_RIP/MPLS adaptation means 214 can be part of the same device, be grouped in pairs in a single device, or each be integrated in a different device.
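
The round trip of Figure 3 and the security-server check at the egress client gateway, as an added example that is not code from the patent. The patent does not define an encoding for the extensions 312, so the class names, the `vpn_id` and `passage_points` fields and the label value are assumptions; node numbers follow the page.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

SECURITY_SERVER = 236  # security server of the client domain (page numbering)


@dataclass(frozen=True)
class RipMessage:                          # client-side message 300
    destination: int                       # destination node, e.g. 238
    info: bytes                            # information 304
    passage_points: Tuple[int, ...] = ()   # client-network points traversed


@dataclass(frozen=True)
class ProviderUpdate:                      # provider-protocol form (set 314)
    destination: int
    info: bytes
    extensions: Optional[dict] = None      # None models BGP without extensions


@dataclass(frozen=True)
class MplsFrame:
    label: int                             # MPLS label selecting the tunnel
    inner: ProviderUpdate


def rip_to_provider(msg, vpn_id, with_extensions):
    """RIP/BGP_RIP interfacing at the ingress provider gateway."""
    ext = None
    if with_extensions:
        # Hypothetical extension layout: VPN identity plus client waypoints.
        ext = {"vpn_id": vpn_id, "passage_points": msg.passage_points}
    return ProviderUpdate(msg.destination, msg.info, ext)


def provider_to_rip(upd, expected_vpn):
    """Inverse interfacing at the egress provider gateway."""
    if upd.extensions is None:
        # Plain BGP had nowhere to carry the waypoints: they are lost.
        return RipMessage(upd.destination, upd.info, ())
    if upd.extensions["vpn_id"] != expected_vpn:
        raise ValueError("update belongs to a different VPN")
    return RipMessage(upd.destination, upd.info,
                      tuple(upd.extensions["passage_points"]))


def carry_across_provider(msg, vpn_id, label, with_extensions):
    """Ingress gateway -> MPLS tunnel -> egress gateway.

    Provider nodes add no waypoints of their own, so the provider
    network stays transparent to the client networks.
    """
    frame = MplsFrame(label, rip_to_provider(msg, vpn_id, with_extensions))
    if frame.label != label:               # egress pops the expected label
        raise ValueError("unexpected MPLS label")
    return provider_to_rip(frame.inner, vpn_id)


def client_gateway_accepts(msg):
    """Egress client gateway: forward only traffic already filtered."""
    return SECURITY_SERVER in msg.passage_points


def demo():
    # Constructed message: filtered by server 236, then sent via gateway 220.
    inbound = RipMessage(238, b"data", (236, 220))
    results = {}
    for name, ext in (("bgp", False), ("bgp_rip", True)):
        out = carry_across_provider(inbound, vpn_id=200, label=1001,
                                    with_extensions=ext)
        results[name] = (out.passage_points, client_gateway_accepts(out))
    return results


if __name__ == "__main__":
    print(demo())
```
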

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
EP05857317A 2004-06-25 2005-06-23 Method for managing an interconnection between telecommunication networks and device implementing this method Withdrawn EP1762051A1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0451333A FR2872369B1 (fr) 2004-06-25 2004-06-25 Method for managing an interconnection between telecommunication networks and device implementing this method
PCT/FR2005/050483 WO2006090024A1 (fr) 2004-06-25 2005-06-23 Method for managing an interconnection between telecommunication networks and device implementing this method

Publications (1)

Publication Number Publication Date
EP1762051A1 (de) 2007-03-14

Family

ID=34946032

Family Applications (1)

Application Number Title Priority Date Filing Date
EP05857317A Withdrawn EP1762051A1 (de) 2004-06-25 2005-06-23 Method for managing an interconnection between telecommunication networks and device implementing this method

Country Status (5)

Country Link
US (1) US8593949B2 (de)
EP (1) EP1762051A1 (de)
CN (1) CN100546274C (de)
FR (1) FR2872369B1 (de)
WO (1) WO2006090024A1 (de)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10439888B2 (en) * 2015-07-10 2019-10-08 Equinix, Inc. Interconnect engine for interconnection facilities
EP3703314B1 (de) * 2019-02-28 2020-12-30 Ovh Method for deploying a network configuration in a data center having a point of presence

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2237264A1 (en) * 1998-05-08 1999-11-08 Northern Telecom Limited Receiver based congestion control
US6963575B1 (en) * 2000-06-07 2005-11-08 Yipes Enterprise Services, Inc. Enhanced data switching/routing for multi-regional IP over fiber network
US7478167B2 (en) * 2002-03-18 2009-01-13 Nortel Networks Limited Resource allocation using an auto-discovery mechanism for provider-provisioned layer-2 and layer-3 virtual private networks
US7379457B2 (en) * 2002-06-10 2008-05-27 Nortel Networks Limited Technique for implementing a virtual private optical switched transport network using virtual private optical/TDM cross-connect technology
US8036139B2 (en) * 2002-10-28 2011-10-11 Cisco Technology, Inc. Internal BGP downloader
US20040093492A1 (en) * 2002-11-13 2004-05-13 Olivier Daude Virtual private network management with certificates
US7417950B2 (en) * 2003-02-03 2008-08-26 Ciena Corporation Method and apparatus for performing data flow ingress/egress admission control in a provider network
US20040255028A1 (en) * 2003-05-30 2004-12-16 Lucent Technologies Inc. Functional decomposition of a router to support virtual private network (VPN) services
US7493393B2 (en) * 2003-06-23 2009-02-17 Nokia Corporation Apparatus and method for security management in wireless IP networks
JP4408756B2 (ja) * 2004-06-30 2010-02-03 富士通株式会社 Route calculation system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2006090024A1 *

Also Published As

Publication number Publication date
US8593949B2 (en) 2013-11-26
FR2872369A1 (fr) 2005-12-30
CN101010916A (zh) 2007-08-01
US20080285570A1 (en) 2008-11-20
WO2006090024A1 (fr) 2006-08-31
CN100546274C (zh) 2009-09-30
FR2872369B1 (fr) 2006-09-08

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU MC NL PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA HR LV MK YU

17P Request for examination filed

Effective date: 20070228

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: ALCATEL LUCENT

RBV Designated contracting states (corrected)

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU MC NL PL PT RO SE SI SK TR

DAX Request for extension of the european patent (deleted)
RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: ALCATEL LUCENT

111Z Information provided on other rights and legal means of execution

Free format text: AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU MC NL PL PT RO SE SI SK TR

Effective date: 20130410

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: ALCATEL LUCENT

D11X Information provided on other rights and legal means of execution (deleted)
17Q First examination report despatched

Effective date: 20161129

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20170411